McCain slams DHS, wants DOD to defend cyberspace

By William Jackson

Mar 27, 2012

Arizona Republican Sen. John McCain said in budget hearings March 27 that he is dissatisfied with the Defense Department’s limited role in defending cyberspace and criticized the Homeland Security Department’s ability to oversee civilian cybersecurity.

“Most of us who have been through an airport have no confidence in the technological capability of the Department of Homeland Security,” he said.

With $3.4 billion requested for fiscal 2013, cybersecurity is one of the few areas of expanding investment in an otherwise lean DOD budget, Army Gen. Keith Alexander, commander of the U.S. Cyber Command and director of the National Security Agency, told the Senate Armed Services Committee.

Alexander called cybersecurity a team sport in which DOD cooperates with DHS and the FBI. He said the Cyber Command’s primary responsibility is to protect DOD networks and respond to attacks from outside U.S. borders, while DHS has responsibility for protecting civilian infrastructure in the U.S.

The hearing on the fiscal 2013 budget requests for the U.S. Strategic and Cyber Commands became a duel over opposing views of how the nation’s cyber defense should be structured, with McCain, the committee’s ranking Republican, maintaining that DOD should be given complete responsibility.

McCain said the idea that DHS should oversee the security of civilian and privately owned networks was “most curious” and called the separate roles of the departments “stovepipes at the ultimate.”

Sen. Joseph Lieberman (I-Conn.) defended the DHS role, saying that the teamwork approach does not create siloed missions but relies on cooperation and information sharing.

McCain and Lieberman have introduced competing cybersecurity bills that underscore their different approaches. Lieberman’s Cybersecurity Act of 2012 (S. 2105) is a comprehensive bill that would give DHS authority to oversee minimum security requirements for designated privately owned critical infrastructure. McCain’s Secure IT Act (S. 2151) focuses only on enabling information sharing between the public and private sectors and includes no role for DHS and no security requirements for private infrastructure.

Lieberman dismissed criticism from McCain that his bill would create a regulatory bureaucracy. “Shame on us if we look at this as business regulation,” he said. “This is cybersecurity.”

One area of agreement in the hearing was the importance of cybersecurity, which Alexander and Air Force Gen. C. Robert Kehler, commander of the U.S. Strategic Command, called one of the most pressing threats to national security. Alexander called the theft of intellectual property from U.S. defense contractors by China “astounding.”

Kehler agreed that the theft of civilian intellectual property is a threat to national security but said that a military response to online espionage currently is not an option for the United States. “Using the rest of Stratcom would be out,” he said. The solution is to make such theft as difficult as possible. “Our intellectual property is not well protected, and we can do a better job of protecting it.”

Although not advocating an offensive strategy for cyberspace, Alexander said that U.S. cyber defense needs to become more proactive. “Today we are in the forensic mode,” he said. “I think we should be in the prevention mode.”

He said the Cyber Command can do this with increased cooperation with civilian agencies and with the private sector. The military needs visibility into not only its own networks but global networks outside its control, and this visibility should come from the networks’ operators rather than Cyber Command or the NSA, he added.

“I do not believe we want the military inside our networks, watching it,” he said.

Alexander recommended expanding the current Defense Industrial Base pilot program, in which DOD and NSA supply information, including threat signatures, to selected defense contractors in exchange for information gathered from contractors’ systems.

DIB is being expanded, but a report on the program done early in the pilot phase by Carnegie Mellon University found that NSA provided few signatures to private partners that the companies did not already have and that the companies were able to identify threats without the signatures using tools unknown to NSA.

Alexander acknowledged early shortcomings in DIB but said “that doesn’t mean we can’t do better,” and that communication between DOD and its private partners has improved because of the program.


Reader Comments

Thu, Apr 5, 2012
Jay
DC

You are right about NIPR, but OMG....DHS is totally dysfunctional and should be disbanded. Stovepiping MAXIMUS!

Wed, Mar 28, 2012

Ravi is right - neither department is competent to handle the mission. Great techs and skills, but most is wasted on internecine turf battles, rather than mission. DHS and DOD should both take all IT and telecom away from their component agencies, and common-service it. It would save billions, and with a rationalized structure, security would be a lot easier.

Wed, Mar 28, 2012

Time for the tea party to start trimming the budget by eliminating a whole department spawned from fear after 911 that has proven to be a wart on the taxpayers' backside.

Wed, Mar 28, 2012
Ravi

Given the long term implications and critical nature of an effective and efficient Cyber Defense program, instead of DOD or DHS, I would recommend having a separate Department and component agencies for Cyber Defense that is built Top Down as an exclusive authority over cyber defense and security under the President. This department can partner with other allied nations, like the NATO, in collaborative defense of the global cyberspace from hostile elements.

Wed, Mar 28, 2012
Cowboy Joe

I know "Washington" is big, but these egos are bigger and we ain't getting a whole that's greater'n the sum of its parts. November's comin' - it's been a while, hopefully we can get a crop in there that can work together for the good of the people.